<?php

//--------------------------------------------------
//	Filename: comments_new_news.php
//--------------------------------------------------
// Refuse direct access: this file is only meant to be pulled in by the
// front controller, which defines IN_INDEX before including it.
if (!defined('IN_INDEX')) {
	posterror("ACCESS DENIED", "This page is hidden.");
	exit;
}
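if(!checkSession())
{
	// No valid session: send the browser to the login page and stop rendering.
	// The function_exists guard avoids a "Cannot redeclare redirect()" fatal if
	// this file is ever included twice in the same request.
	if(!function_exists('redirect'))
	{
		/**
		 * Emit a client-side redirect to $url.
		 *
		 * json_encode() produces a quoted JavaScript string literal, so the
		 * value can never terminate the string or the <script> context.
		 */
		function redirect($url)
		{
			echo '<script type="text/javascript">window.location = ' . json_encode($url) . ';</script>';
		}
	}
	redirect("index.php?action=login");
	exit;
}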
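// Resolve the profile whose news item is being commented on (explicit ?id=
// in the request, otherwise the logged-in user) and the page URL for it.
if(isset($_REQUEST['id']))
{
	// User ids are numeric (the fallback later in this file passes an int 0),
	// so the request value is cast before it reaches the lookup.
	$USER_PROFILE = new User('id', (int)$_REQUEST['id']);
	// 'nid' may be absent from the request; default it instead of reading an
	// undefined index, and encode it so it cannot alter the query string.
	$nid = isset($_REQUEST['nid']) ? $_REQUEST['nid'] : '';
	$page_url = "index.php?action=news&nid=" . urlencode($nid);
}
else
{
	$USER_PROFILE = $USER;
	$page_url = "index.php?action=news";
}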

// Comment form + submission handler for a news post.
// $post_id, $post_type, $post_url, $USER, $NEWS, $CONFIG, $LANG, $db and
// $blog_user_id are expected from the including page; none are set here.
// The session check was already enforced (with exit) above, so the else
// branch at the bottom is normally unreachable.
if(checkSession())
{
	$error_msg = "";
	if(isset($post_id) && isset($post_type) && isset($post_url) && isset($USER))
	{
		// Defaults shown when the form is first rendered: -1 means "no rating".
		$com['rating'] = -1;
		$com['comment'] = "";
		
		// Minimum seconds between two comments from the same user.
		if(!isset($CONFIG['post_time_delay']))
		{
			$CONFIG['post_time_delay'] = 30;
		}
		
		$missing = array();
		if(isset($_POST['comment_submit']))
		{
			
			// NOTE(review): comment_rating and comment_owner are taken from POST
			// unvalidated and are interpolated into the INSERT below without any
			// escaping; only comment_text gets the quote replacement.
			// comment_text is HTML-escaped once here and stored that way.
			$com['rating'] = $_POST['comment_rating'];
			$com['comment'] = htmlspecialchars($_POST['comment_text']);
			$com['owner'] = $_POST['comment_owner'];
			// Throttle: any comment by this user newer than post_time_delay seconds?
 			$sql = "SELECT comment_date FROM comments WHERE user_id='" . $USER->getId() . "' AND comment_date > " . (time() - $CONFIG['post_time_delay']) . " ORDER BY -comment_date";
			if(!$result = $db->sql_query($sql))
			{
				// NOTE(review): a failed throttle query is silently ignored; the
				// form is redisplayed with no message and the comment is dropped.
			}
			else
			{
				// NOTE(review): relies on the wrapper returning the row count of a
				// SELECT from sql_affectedrows() — confirm against the db class.
				if($db->sql_affectedrows() > 0)
				{
					if($row = $db->sql_fetchrow($result))
					{
						// Tell the user how many seconds remain before posting again.
						$time_ago = time() - $row['comment_date'];
						$time_until = $CONFIG['post_time_delay'] - $time_ago;
						$error_text = $LANG['wait_timer_to_post'];
	    				$error_text = str_replace('VAR1', $time_until, $error_text);
						$error_msg = "<span class=\"error\">" . $error_text . "</span>";
					}
				}
				else
				{
					// Count non-empty fields; empty ones are flagged for the form.
					$com_checked = 0;
					
					foreach($com as $k => $v)
					{
						if(isset($v) && $v != "")
						{
							$com_checked++;
						}
						else
						{
							$missing[$k] = "missing";
						}
					}
					
					// NOTE(review): rating and owner are presumably always submitted
					// by the form (select + hidden input), so an empty comment text
					// still reaches 2 and is inserted.
					if($com_checked >= 2)
					{
						// NOTE(review): quote-only escaping — backslashes are not
						// escaped and rating/owner are not escaped at all; the
						// driver's escape function (e.g. mysql_real_escape_string,
						// matching the mysql_* calls below) would be the proper fix.
						$com['comment'] = str_replace("'", "\'", $com['comment']);
						$sql = "INSERT INTO comments SET ".
						"post_id='" . $post_id . "', ".
						"post_type='" . $post_type . "', ".
						"user_id='" . $USER->getId() . "', ".
						"comment_text='" . $com['comment'] . "', ".
						"comment_date='" . time() . "', ".
						"comment_rating='" . $com['rating'] . "', ".
						"comment_owner='" . $com['owner'] . "'";
						if(!$result = $db->sql_query($sql))
						{
							// NOTE(review): mysql_error()/mysql_errno() take a link
							// resource, not the SQL string. Also, execution continues
							// after a failed INSERT: user_posts is still incremented
							// and the success page is shown.
							printerror("SQL ERROR", mysql_error($sql) ."<br />" . mysql_errno($sql));
						}
						// Add +1 to user_posts
						$sql2 = "UPDATE users SET user_posts = user_posts+1 WHERE user_id =" . $USER->getId() . "";
						if(!$result2 = $db->sql_query($sql2))
						{
							printError("SQL ERROR", mysql_error($sql2));
						}
						else
						{
							// $USER_PROFILE is assigned in both branches earlier in this
							// file, so this fallback is normally not reached.
							if(!isset($USER_PROFILE))
							{
								if(isset($NEWS))
								{
									$uid = $NEWS['user_id'];
								}
								else
								{
									$uid = 0;
								}
								$USER_PROFILE = new User('id', $uid);
							}
							
							// Notify the profile owner by PM if they opted in, skipping
							// ids 0 and 1 (presumably guest/admin) and self-comments.
							if($USER_PROFILE->getMsgFromComments() == 1 && $USER_PROFILE->getId() != 0 && $USER_PROFILE->getId() != 1 && $USER_PROFILE->getId() != $USER->getId())
							{
								switch($post_type)
								{
									case 'news':
										// sendPM argument order is assumed to be
										// (recipient, sender, subject, body, flag) — confirm.
										$pm_id = $USER->getId();
										$pm_subject = translate('newcommentonyourblog') ." <b>" . $NEWS['title'] . "</b>";
										$pm_body = formatComment($com['comment']) . "<a href=\"index.php?action=news&sub=show&nid=" . $post_id . "\"> " . translate('clicktogotopost') . " </a>";
										sendPM($USER_PROFILE->getId(), $pm_id, $pm_subject, $pm_body, 0);
										break;
									default:
										break;
								}
							}
							
							// Success: meta-refresh back to the post, with a manual link.
							// NOTE(review): the href two lines below closes its quote
							// before $post_id ("nid='" . $post_id . "'"), so the manual
							// link points at nid= with no value.
							echo"<meta http-equiv='refresh' content='0;url=index.php?action=news&sub=show&nid=" . $post_id . "' />";
							echo "<h1>" . ucfirst(translate('post_successful')) . "</h1>";
							echo "<br/>" . translate('redirectedin') . " <a href='index.php?action=news&sub=show&nid='" . $post_id . "'>" . translate('clickhere') . "</a>";
							exit;
						}
					}
				}
			}
		}

?>

<div id="respond">
<form name="comment" method="post" action="<?php echo $post_url; ?>">
	<table>
    <h2><?php echo translate('write_comment'); ?></h2>
    <tr>
    <td>
    <?php echo $error_msg; ?>
    </td>
    </tr>
			<td colspan="2">
				<textarea id="comment_text" name="comment_text" cols="115" rows="4"><?php echo $com['comment']; ?></textarea>
				<?php
				// Flag the comment field when it was submitted empty.
				if(isset($missing['comment']))
				{
					echo "<span class=\"error\"><-- " . translate($missing['comment']) . "</span>";
				}
        ?>
			</td>
		</tr>
        
        	<tr>
			<td>

				<select name="comment_rating">
				<?php
				// Rating options -1 ("no rating") through 10; preselect the
				// submitted value so it survives a redisplay.
				for($i=-1; $i<11; $i++)
				{
					$selected = "";
					if($i==-1)
					{
						$text = translate('no_rating');
					}
					else
					{
						$text = $i;
					}
					if($i == $com['rating'])
					{
						$selected = " selected=\"selected\"";
					}
					echo "<option value=\"".$i."\"".$selected.">".$text."</option>\n";
				}
				?>
			</select>
            </td>
            <td align="right">
            <input style="font-weight:bold;" align="right" type="submit" name="comment_submit" value="<?php echo translate('submit_comment'); ?>">
            <input type="hidden" id="comment owner" name="comment_owner" value="<?php echo $blog_user_id; ?>" />
			</td>
            
		</tr>
	</table>
</form>
<?php
	}
	else
	{
		echo translate('comment_load_failed');
	}
}
else
{
	echo translate('need_to_login_comment');
	?>
	<br />
	<a href="index.php"><?php echo translate('click_to_login'); ?></a>
	<?php
}
// NOTE(review): the closing </div> below is emitted on every path, but
// <div id="respond"> is only opened in the form branch above.
?>
</div>